Re: Appropriate PIX logging level
From: Chuck Swiger <chuck () codefab com>
Date: Thu, 04 May 2006 10:24:31 -0400
Well, does that mean that syslog should be either not reliable (generic
datagram), not portable enough (sdsc), buggy (nsyslogd) or suffering
performance problems (ng) ;-)?
You can get reliable logging with a stock BSD-flavor syslogd if you talk to it
via a named pipe (i.e., /var/run/log or equivalent).
In many cases, you want to compress & summarize repeated output, or perform
your initial analysis-identification-filtration steps first and forward on a
summary and the interesting stuff on the devices that generated the logging before
you smother some dedicated central "logger" host in a huge volume of low-value
syslog network traffic.
If you've got less than 10MB of data per day (~ 100K events or logfile lines),
you probably don't need to worry about that or keeping several years' worth of
On the other hand, when a single busy host can generate 100MB to 1GB of
loggable data per day just running a medium-busy website, understanding what
your volume is, what your ability to process it meaningfully over longer
intervals is and is constrained by (disk space, log analysis processing time,
others), becomes more important.
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
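The summarize-before-forwarding step described in the message above, as an added example that is not part of the original post: high-severity PIX events are forwarded verbatim and repeated lower-priority events are collapsed into counts. The function name, the severity cutoff of 3, the source-port masking and the sample lines are assumptions made for illustration.

```python
import re
from collections import OrderedDict

# Matches the Cisco PIX tag "%PIX-<severity>-<message id>: <text>" in a syslog line.
PIX_RE = re.compile(r"%PIX-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<text>.*)")
# Ephemeral source ports change on every retry; mask them so repeats collapse.
SRC_PORT_RE = re.compile(r"(src \S+?)/\d+")


def reduce_pix_log(lines, forward_max_sev=3):
    """Split PIX syslog lines into (verbatim, summary).

    verbatim: lines with severity <= forward_max_sev (assumed cutoff), unchanged.
    summary:  one "<count>x <message>" line per distinct lower-priority event.
    Lines without a %PIX tag are kept verbatim rather than silently dropped.
    """
    verbatim, counts = [], OrderedDict()
    for line in lines:
        m = PIX_RE.search(line)
        if m is None or int(m["sev"]) <= forward_max_sev:
            verbatim.append(line)
            continue
        key = (m["sev"], m["msgid"], SRC_PORT_RE.sub(r"\1/*", m["text"]))
        counts[key] = counts.get(key, 0) + 1
    summary = [f"{n}x %PIX-{sev}-{msgid}: {text}"
               for (sev, msgid, text), n in counts.items()]
    return verbatim, summary


# Constructed sample input (documentation addresses, not real traffic).
SAMPLE = [
    'May 04 10:00:01 pix1 %PIX-4-106023: Deny tcp src outside:203.0.113.7/4001 '
    'dst inside:192.0.2.10/22 by access-group "outside_in"',
    'May 04 10:00:02 pix1 %PIX-4-106023: Deny tcp src outside:203.0.113.7/4002 '
    'dst inside:192.0.2.10/22 by access-group "outside_in"',
    'May 04 10:00:03 pix1 %PIX-4-106023: Deny tcp src outside:203.0.113.7/4003 '
    'dst inside:192.0.2.10/22 by access-group "outside_in"',
    'May 04 10:00:04 pix1 %PIX-2-106001: Inbound TCP connection denied from '
    '198.51.100.9/2200 to 192.0.2.10/23 flags SYN on interface outside',
    'May 04 10:00:05 pix1 %PIX-6-302013: Built inbound TCP connection 1 for '
    'outside:198.51.100.5/3000 (198.51.100.5/3000) to inside:192.0.2.10/80 '
    '(192.0.2.10/80)',
]

if __name__ == "__main__":
    keep, digest = reduce_pix_log(SAMPLE)
    print("\n".join(keep + digest))
```

Masking the source port trades per-connection detail for volume, so the unreduced log should stay on the originating device for as long as local retention allows.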